coffeeshot.md 1.5 KB
:coffee: CoffeeShot: Avoid Detection with Memory Injection :syringe:
Description
CoffeeShot is an evasion framework that injects payload from Java-based programs into designated processes on Microsoft Windows.
CoffeeShot assists blue team members in assessing the effectiveness of their anti-malware measures against malicious software written in Java. Red team members and pen testers can also use CoffeeShot to bypass the target’s security controls.
CoffeShot utilizes JNA (Java Native Access) to inject payload from Java-based programs into designated processes on Microsoft Windows.
The memory injection methods that CoffeeShot employs are straightforward and are well-known in the context of traditional, compiled executables. The effectiveness of these techniques at evading AV when they’re implemented in Java, highlights the brittle nature even by modern antivirus tools.
Categories
- Frameworks
- Security Testing
- Red Team
- Ethical Hacking
- Post Exploitation
Black Hat sessions
Code
https://github.com/MinervaLabsResearch/CoffeeShot
Lead Developer
Asaf Aprozper (@3pun0x)